On Fri, Oct 16, 2015 at 8:47 AM, Euler Taveira <eu...@timbira.com.br> wrote: > On 15-10-2015 05:41, kolo hhmow wrote: >> >> I have already explained this in my previous post. Did you read this? > >> > Yes, I do. > >> So why postgresql give users an abbility to use a pam modules, when in >> other side there is advice to not use them? >> Anyway. > >> > Where is such advise? I can't see it in docs [1]. > >> I do not see any complication with this approach. Just use one >> configuration entry in pg_hba.conf, and rest entries in some database >> backend of pam module, which is most convenient with lot of entries than >> editing pg_hba.conf. >> > Why don't you use a group role? I need just one entry in pg_hba.conf.
I feel like this discussion has taken an unhelpful turn. Surely you can see that this is not necessarily an exact substitute for what kolo hhmow wants to do. Yeah, he could decide to do something else instead, but are you really confused about why he would want to do this in PAM, or is this just a case of arguing that what we have is good enough so let's not change anything or take suggestions? He's not saying there's no workaround; he's just saying he'd like this better. I think some more interesting questions are: - Did he implement this correctly? - Would it break anything? - Are there lots of other knobs we should expose too instead of just one? - What would it take to turn this into a committable patch? - Would the cost of exposing this and perhaps some other knobs cost too much in performance for the number of people it would make happy? - If so, should the behavior be GUC-controlled or is there justification for arguing we should drop the whole patch? I feel like we've got somebody new showing up to our community with an idea that is not obviously stupid. If we want such people to stick around, we should try to give their ideas a fair shake. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
